CVE-2021-42171

HIGH

Tribalsystems Zenario < 9.0.55143 - Unrestricted File Upload

Title source: rule

Description

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth.

Exploits (2)

exploitdb WORKING POC

by minhnq22 · pythonwebappsphp

https://www.exploit-db.com/exploits/50850

View Code ZIP pw:eip

nomisec WORKING POC

by minhnq22 · poc

https://github.com/minhnq22/CVE-2021-42171

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/166617/Zenario-CMS-9.0.54156-Remote-Code-Execution.html

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version/issues/2

[Third Party Advisory] https://minhnq22.medium.com/file-upload-to-rce-on-zenario-9-0-54156-cms-fa05fcc6cf74

Scores

CVSS v3 7.2

EPSS 0.1781

EPSS Percentile 95.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (2)

tribalsystems/zenario 9.0.54156

tribalsystems/zenario 0 - 9.0.55143Packagist

Published Mar 14, 2022

Tracked Since Feb 18, 2026